e2email-org / e2email

E2EMail is a simple Chrome application - a Gmail client that exchanges OpenPGP mail.
Apache License 2.0

Security audit #42

Open breznak opened 7 years ago

breznak commented 7 years ago

For such a sensitive app, it would be almost crucial to perform a security audit (once a semi-stable version is reached).

dumblob commented 7 years ago

As a good start, auditors shall refer to the "crypto heart" of this application and its threat model (look for the string `mitiga` to find out how they mitigate the described attack vectors; some vectors might be missing, though... thus the security audit).

sirdarckcat commented 7 years ago

The library received a few internal security reviews. The threat model posted above is a summary of the design-level findings.